How to install Let’s Encrypt on Ubuntu 16.04/18.04 with Apache2

We’ll show you, How to install Let’s Encrypt on Ubuntu 16.04/18.04 with Apache2. Let’s Encrypt is a relatively new SSL Certificate Authority (CA) that provides completely free SSL certificates that are just as secure as the paid certificates issued by the major trusted certificate authorities. Let’s Encrypt is supported by major players like Mozilla, Akamai, Cisco, the EFF and managed by the Linux Foundation. In this article we will guide you through the steps of installing Let’s Encrypt SSL certificate on an Ubuntu 16.04/18.04 VPS with Apache2 web server. We assume that you already have Apache2 installed and configured on your server. Installing Let’s Encrypt on Ubuntu 16.04/18.04 with Apache2, is really an easy task and should take around 10 minutes.

1. Update the system

Log in to your Ubuntu 16.04/18.04 Server via SSH as user root

ssh root@IP_Address -p Port_Number

and make sure that it is fully up to date

apt-get update && apt-get upgrade

2. Install Certbot client

Certbot is a client that fetches a certificate from Let’s Encrypt. Its developers have created their own Ubuntu Repository where you can get the latest version of the client.

Run the following command to add the Certbot repository

sudo add-apt-repository ppa:certbot/certbot

Accept the installation, update the package list and install Certbot for apache

apt-get update
apt-get install python-certbot-apache

At this step Certbot is installed and you are ready to obtain your free Let’s Encrypt SSL certificate.

3. Obtain a Let’s Encrypt Certificate

The certificate can be installed using several Certbot plugins. In this tutorial we will use the Nginx plugin which will make all necessary steps such as configuring Nginx and reloading its configuration.

To do this, run the following command

certbot --apache -d domain.com -d www.domain.com

And of course, replace ‘domain.com’ with your actual domain name.

When you generate a certificate for the firs time, you will have to enter your email address and agree with Certbot’s terms of service.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If you want all your website visitors to be redirected to HTTP which is the recommended option, select number 2 and hit the ‘Enter’ key.

If the Let’s Encrypt SSL certificate is successfully installed you will get the following output

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will
expire on 2017-10-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew *all* of your
certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Now you should have successfully installed and configured Let’s Encrypt SSL certificate on your ‘domain.com’ domain name. You can check this by visiting https://domain.com

Let’s Encrypt SSL certificates are valid for 90 days, and we will configure it to be automatically renewed by creating a cron job. Let’s Encrypt recommends the automatic renew cronjob to run twice a day. So, edit the crontab